﻿using System;

//using System.IdentityModel;
//using System.IdentityModel.Tokens;
using Microsoft.IdentityModel;
using Microsoft.IdentityModel.Claims;
//using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml2;

namespace AMT.IdentityModel.OAuth
{
	/// <summary>
	/// Represents SAML identity assertions (claims) based on user name and password (plain-text)
	/// </summary>
	public class SAML20UserPasswordClaimToken : Saml2SecurityToken // REMOVE: SamlSecurityToken
	{
		private string _userName;
		private string _password;
		private Uri _uriAppliesTo;

		public SAML20UserPasswordClaimToken(string userName, string password, Uri uriAppliesTo)
			// TODO: this is bad! 
			:base (null)
		{
			if (null == userName) throw new ArgumentNullException("userName");
			if (string.IsNullOrEmpty(userName)) throw new ArgumentException("Invalid: userName is empty");
			if (null == uriAppliesTo) throw new ArgumentNullException("uriAppliesTo");

			_userName = userName;
			_password = password;
			_uriAppliesTo = uriAppliesTo;
		}


		public Saml2SecurityToken CreateToken()
		{
			var req = new SamlSecurityTokenRequirement();
			req.NameClaimType = ClaimTypes.Name;
			
			var x = new Saml2SecurityTokenHandler(req);

			string assertionId = "assertionId";
			string issuer = "Unique_ID_of_IdP";
			var issueInstant = DateTime.UtcNow;

			var descriptor = new SecurityTokenDescriptor();
			descriptor.TokenType = SecurityTokenTypes.Saml2TokenProfile11;
			descriptor.Lifetime = new Microsoft.IdentityModel.Protocols.WSTrust.Lifetime(issueInstant, issueInstant + new TimeSpan(8, 0, 0));
			descriptor.AppliesToAddress = _uriAppliesTo.AbsoluteUri.ToString();
			descriptor.Subject = new ClaimsIdentity(
				new System.Collections.Generic.List<Claim>()
				{
					new Claim("User", _userName)
				});

			Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
			Saml2SecurityToken token = tokenHandler.CreateToken(descriptor) as Saml2SecurityToken;
			System.Diagnostics.Debug.Assert(null != token);
			return token;

		}

		private void UNUSED()
		{
			////Claim claim = new Claim(ClaimTypes.Name, UNtoken.UserName);
			//var UNtoken = new Saml2SecurityToken(token.Assertion);
			//IClaimsIdentity identity = new ClaimsIdentity(AuthenticationTypes.Password, ClaimTypes.Name, ClaimTypes.Role);
			//    //ClaimTypes.Name, "Password");
			////identity.Claims.Add(
			////    new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/ClaimTypes.AuthenticationInstant",
			////    System.Xml.XmlConvert.ToString(DateTime.UtcNow, "yyyy-MM-ddTHH:mm:ss.fffZ"),
			////    "http://www.w3.org/2001/XMLSchema#dateTime")
			////);
			//identity.Claims.Add(
			//    new Claim(ClaimTypes.AuthenticationMethod,
			//        System.Xml.XmlConvert.ToString(DateTime.UtcNow, "yyyy-MM-ddTHH:mm:ss.fffZ"),
			//        ClaimValueTypes.Datetime)
			//);
			//identity.Claims.Add(
			//    new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/ClaimTypes.AuthenticationMethod",
			//    "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password")
			//);
			//return new ClaimsIdentityCollection(new IClaimsIdentity[] { identity });
	
			//// REMOVE:
			////SamlConditions samlConditions = null;
			////SamlAdvice samlAdvice = null;
			////System.Collections.Generic.List<SamlStatement> samlStatements = new System.Collections.Generic.List<SamlStatement>();
			////var sub = new SamlSubject(System.IdentityModel.Tokens.SamlConstants.EmailNamespace, "usesrname", userName);
			////var subSt = new SamlSubjectStatement();
			////subSt.SamlSubject = sub;

			////var assertion = new SamlAssertion(assertionId, issuer, issueInstant, samlConditions, samlAdvice, new SamlStatement[] {sub} ); //samlStatements);
			////System.Diagnostics.Debug.Assert(null != assertion);

		}

		#region Invalid or unimplemented SecurityToken methods
		public override string Id
		{
			get { throw new NotImplementedException(); }
		}

		public override System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Tokens.SecurityKey> SecurityKeys
		{
			get { throw new NotImplementedException(); }
		}

		public override DateTime ValidFrom
		{
			get { throw new NotImplementedException(); }
		}

		public override DateTime ValidTo
		{
			get { throw new NotImplementedException(); }
		}
		#endregion
	}
}


